Template Conditionals
Author Message
This is essentially a more restrictive version of my PHP in Templates plugin.  The restrictions aim to make this a "safe" plugin to use, that is, doesn't allow arbitrary PHP execution, but still gives the benefits of template conditionals.

You may notice that this still uses the "phptpl" name, and thus, is incompatible with the PHP in Templates plugin.  Both plugins are very similar though.  The differences between this and the other plugin are:
  • Admins cannot enter PHP code using <?php ?> tags
  • Conditionals in <if> and <elseif> tags are checked to ensure that they are "safe" (see below)
  • file_get_contents function has been removed from the allowable <func ...>...</func> shortcuts
  • There's a new <?=...?> tag to print out the result of a "safe" PHP expression; although this is a tag, only PHP expressions may exist inside (do not terminate expressions with a semicolon), so you cannot nest other tags inside this
    Example (prints 123654321):

    HTML Code
    123<?=substr("987654321", 3)?>

  • There's also a new <setvar name>...</setvar> tag which can set variables; for safety reasons, these are actually stored in a $tplvars array.  Examples:
    (just prints some text)

    HTML Code
    <setvar uselesstext>"some text"</setvar>
    {$tplvars['uselesstext']}

    (prints out the username of the user with UID of 2)

    HTML Code
    <setvar user2>get_user(2)</setvar>
    <func htmlspecialchars_uni>{$tplvars['user2']['username']}</func>


v1.0-1.3 of this plugin is based off v1.7 of PHP in Templates.
As of v1.8, PHP 5.3 or later is required.
This plugin can be used with the Admin Security plugin.

"Safe expressions"
This plugin implements "safe expression" checking; essentially, this does impose a bit of a performance hit, but, on the other hand, tries to ensure no "bad PHP" gets executed.
For more information on what I consider to be a "safe expression", see my blog post here.
For the purposes of this plugin, all valid PHP expressions are allowed, as long as they don't infringe on any of the following conditions:
  • no assignment/modification operators (=, +=, |=, ++ etc) allowed
  • no statements such as include, exit, eval etc are allowed
  • no special constants such as PHP_OS, PHP_LIBDIR etc are allowed
  • backtick (`) operator not allowed
  • heredoc type strings not allowed (takes too much effort to handle) - use double quoted strings instead
  • double quoted strings may not contain the "{" character (takes too much effort to handle) - use string concatenation instead
  • array and object typecasting not allowed
  • no variable functions or method calls allowed
  • single line comments (//, #) not allowed
  • only some functions are allowed - see inc/plugins/phptpl_allowed_funcs.txt for a list of allowed functions
(This post was last modified: 06-26-2023 10:42 PM by ZiNgA BuRgA.)
Find all posts by this user
Quote this message in a reply
Download: tplcond-1.9.7z (6.35 KB)
Plugin Version: 1.9
Last Updated: 06-26-2023, 10:42 PM

Downloads: 5,263
MyBB Compatibility: 1.2.x, 1.4.x, 1.6.x, 1.8.x
Plugin License: GPLv3
Uploader: ZiNgA BuRgA
xboris2010 Offline
Junior Member
**
Posts: 14
Joined: Feb 2014
Post: #61
RE: Template Conditionals
Hello how can i do this

IF user is guest = showads

im trying to add a advetisement on the front page of the site, but i only want those who are not logged in to see it. if they logged in, do not display ad.

thanks!

and hi leefish <3
07-10-2015 12:58 AM
Find all posts by this user Quote this message in a reply
ollie2015 Offline
Member
***
Posts: 90
Joined: Jan 2015
Post: #62
RE: Template Conditionals
whats the latest version, thanks
07-10-2015 03:47 AM
Find all posts by this user Quote this message in a reply
tempo Offline
Junior Member
**
Posts: 30
Joined: Aug 2012
Post: #63
RE: Template Conditionals
is it possible using "Template Conditionals" to work with database into mybb templates?

for example i want to read all the values from fileld "number" from dbase table "test" and calculate and display the average value....
07-12-2015 08:37 PM
Find all posts by this user Quote this message in a reply
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #64
RE: Template Conditionals
(07-10-2015 12:58 AM)xboris2010 Wrote:  Hello how can i do this

IF user is guest = showads

Code:
<if !$mybb->user['uid'] then>blah</if>


(07-12-2015 08:37 PM)tempo Wrote:  is it possible using "Template Conditionals" to work with database into mybb templates?
No, database queries are not considered a "safe" operation, so can only be done via PHP in Templates.

My Blog
07-14-2015 02:19 PM
Find all posts by this user Quote this message in a reply
iamkristrammell Offline
Junior Member
**
Posts: 6
Joined: Nov 2015
Post: #65
RE: Template Conditionals
(07-14-2015 02:19 PM)ZiNgA BuRgA Wrote:  
(07-10-2015 12:58 AM)xboris2010 Wrote:  Hello how can i do this

IF user is guest = showads

Code:
<if !$mybb->user['uid'] then>blah</if>


Wouldn't that just show the code or text to a certain person on the forums? I think he wants to show it to a certain group.

Also, I just tried this on my forum and it showed it to me while I was logged in and logged out.

I was wondering how I would show a "verified" badge on that groups member profiles. Can you do that with this plugin?
(This post was last modified: 11-07-2015 03:39 AM by iamkristrammell.)
11-07-2015 03:37 AM
Find all posts by this user Quote this message in a reply
RateU Offline
Administrator
*******
Posts: 2,350
Joined: Mar 2010
Post: #66
RE: Template Conditionals
(11-07-2015 03:37 AM)iamkristrammell Wrote:  Wouldn't that just show the code or text to a certain person on the forums? I think he wants to show it to a certain group.

Guest "doesn't have" an uid.

(11-07-2015 03:37 AM)iamkristrammell Wrote:  Also, I just tried this on my forum and it showed it to me while I was logged in and logged out.

Not quite sure how you applied it. I've just tested it and works for me.

(11-07-2015 03:37 AM)iamkristrammell Wrote:  I was wondering how I would show a "verified" badge on that groups member profiles. Can you do that with this plugin?

You can use usergroup

(This post was last modified: 11-07-2015 04:16 AM by RateU.)
11-07-2015 04:16 AM
Find all posts by this user Quote this message in a reply
iamkristrammell Offline
Junior Member
**
Posts: 6
Joined: Nov 2015
Post: #67
RE: Template Conditionals
(11-07-2015 04:16 AM)RateU Wrote:  You can use usergroup

Would it be like:

Code:
<if !$mybb->usergroup['gid'] then>blah</if>


Sorry, I'm not very good with php yet. If that's not right could you give me an example?

11-07-2015 04:37 AM
Find all posts by this user Quote this message in a reply
RateU Offline
Administrator
*******
Posts: 2,350
Joined: Mar 2010
Post: #68
RE: Template Conditionals
In member_profile template, right?

You need to use $memprofile['usergroup']

For example:

Code:
<if $memprofile['usergroup'] == 4 then>blah</if>


11-07-2015 04:44 AM
Find all posts by this user Quote this message in a reply
iamkristrammell Offline
Junior Member
**
Posts: 6
Joined: Nov 2015
Post: #69
RE: Template Conditionals
I can use that multiple times right and what about if I want to use it on say the index or another page? By multiple times I mean that I can show multiple things on a single profile if they are in multiple groups.
(This post was last modified: 11-07-2015 05:03 AM by iamkristrammell.)
11-07-2015 04:58 AM
Find all posts by this user Quote this message in a reply
RateU Offline
Administrator
*******
Posts: 2,350
Joined: Mar 2010
Post: #70
RE: Template Conditionals
(11-07-2015 04:58 AM)iamkristrammell Wrote:  I can use that multiple times right and what about if I want to use it on say the index or another page?

Some areas have its own data array (for example, the $memprofile applied in user profile for the profile owner). You use $mybb->user for the viewer.

11-07-2015 05:06 AM
Find all posts by this user Quote this message in a reply


Forum Jump: